PRIVACY POLICY.

Cerebrix Studio ("we", "us") designs and ships AI systems. This policy explains how we handle personal data collected through our website, sales conversations, and project engagements.

We collect:

• Contact data — name, work email, company, role.
• Project data — anything you share in briefs, calls, or shared workspaces.
• Usage data — pages visited, referrer, device, anonymized IP (analytics).
• Cookies — see our Cookie Policy.

• Reply to your inquiry and scope work.
• Deliver and improve services you engage us for.
• Send relevant updates if you opted in.
• Meet legal, accounting, and security obligations.

Sub-processors strictly necessary to run our business: email (Google Workspace), analytics (privacy-friendly), cloud (Cloudflare, Supabase), and any model providers your project explicitly involves. We never sell your data.

Inquiry data: 24 months. Active project data: for the duration of the engagement plus 7 years for tax/audit. You can request earlier deletion at any time.

Under GDPR/CCPA you can access, correct, port, restrict, or delete your data, and object to processing. Email privacy@cerebrix.studio and we'll respond within 30 days.

Encryption in transit and at rest, least-privilege access, mandatory MFA, and quarterly access reviews. No system is perfect — we'll notify affected users within 72 hours of a confirmed breach.

Questions or requests: privacy@cerebrix.studio.